
WP Platinum Blog

HTC on Tuesday confirmed a gaping vulnerability in its Android phones that could be exploited by a third party to steal personal information from users.

The company said it was not aware of any customers yet impacted by the flaw, but that it was “diligently” working on a fix.

“Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it,” the statement said.

The flaw, affecting several HTC Android smartphone models, was discovered by researcher Trevor Eckhart, who alerted the company about it on Sept. 24 and received no response for five days before going public with the issue on Friday, according to the blog AndroidPolice, which first reported the news.

The bug stems from a recently added program, HTCLoggers.apk, which logs large amounts of information from the phones, according to Eckhart. The program enables any third-party app that requests permission to connect to the web to easily access data that has been logged. This information includes user accounts, email addresses, GPS locations, SMS data, phone numbers and system logs.

Cybercriminals and other villains intent on stealing all manner of personal and government data are bombarding federal government agencies.

Over the past 5 years, the number of incidents reported by federal agencies to US-CERT (United States Computer Emergency Readiness Team) has increased from 5,503 incidents in fiscal year 2006 to 41,776 incidents in fiscal year 2010, an increase of over 650% that includes a more than tripling of the volume of malicious software since 2009, according to a Government Accountability Office security report out this week.

The good news is perhaps that according to US-CERT, the growth in the gross number of incidents is attributable, at least in part, to agencies improving detection of security incidents on their respective networks, and then possibly implementing appropriate responsive and preventative countermeasures, the GAO stated.

Agencies reported the following types of incidents are occurring frequently:

Unauthorized access: Gaining logical or physical access to a federal agency’s network, system, application, data, or other resource without permission.

Denial of service: Preventing or impairing the normal authorized functionality of networks, systems, or applications by exhausting resources. This activity includes being the victim of or participating in a denial of service attack.

Malicious code: Installing malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application. Agencies are not required to report malicious logic that has been successfully quarantined by antivirus software.

Improper usage: Violating acceptable computing use policies.

Scans/probes/attempted access: Accessing or identifying a federal agency computer, open ports, protocols, service, or any combination of these for later exploit. This activity does not directly result in a compromise or denial of service.

Posted in Security on October 4th, 2011 by sky | Comments Off on Malicious security assaults increased 650% in past five years, Feds say

